2 matches found
CVE-2022-25172
An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie misses the HttpOnly flag, making it accessible via JavaScript and thus allowing an attacker, able to perform an XSS attack, to steal the sessi...
CVE-2022-25172
The CVE-2022-25172 issue affects InHand Networks InRouter302 (v3.5.4): the web interface session cookie is missing the HttpOnly flag, enabling JavaScript access and exposing the session cookie via XSS. TALOS details confirm this information disclosure vulnerability and show tested version 3.5.4; ...